[virusinfo] Panda Software's weekly report on viruses and intruders - 6-17-05

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Fri, 17 Jun 2005 18:03:22 -0700

From: Panda Virus Alerts:

- Panda Software's weekly report on viruses and intruders -
     Virus Alerts, by Panda Software (http://www.pandasoftware.com)

MADRID, June 17, 2005 - This week, Panda Software's report looks at three
examples of malware, the Trojan Downloader.DCM, the backdoor Trojan
Dumador.BC, and the hacking tool Looxee. What's more, it includes six new
vulnerabilities in Microsoft Windows, classified as critical.

Downloader.DCM is a Trojan that downloads Dumador.BC and runs it. Like the
majority of Trojans, it must be manually distributed. When it is installed
on a computer, it uses a sophisticated technique to hide from any firewalls
that may be installed on the computer: it creates a remote run thread
associated with the process explorer.exe, so that the firewall thinks that
Explorer is accessing the Internet, when Downloader.DCM is actually
accessing it. When it connects to the Internet, this thread deletes the
downloader file and downloads and runs another file (the backdoor Trojan)
from a specific website, pretending to be a temporary file.

Dumador.BC, the file downloaded by the downloader, is a backdoor Trojan
that cannot spread by itself. Its function is to allow remote control of
the affected computer by opening TCP ports in the computer and receiving
remote run command requests. It also logs different user details and
modifies the system hosts file to prevent the computer from accessing the
websites belonging to antivirus companies.

Looxee is a hacking tool that monitors and logs different activities
carried out by the user of the affected computer, such as the email
messages sent and received, chats via instant messaging, websites visited,
and it even captures screenshots, among other actions. Curiously, it has a
characteristic that warns the user if a certain keyword is entered. This
tool is not dangerous as such, but can be used for malicious purposes.

What's more, a series of vulnerabilities have been reported and are
detailed by Microsoft in the bulletins MS05-025, MS05-026, MS05-027,
MS05-028, MS05-029 and MS05-030. These vulnerabilities affect various
Microsoft applications and have been classified as critical. Therefore, it
is advisable to apply the updates in order to keep your computer
protected from malware that can exploit these vulnerabilities to get into
your computer. The affected applications are Explorer, Windows, SMB
(Service Message Block), Web Client Service, Outlook Web Access for
Exchange Server 5.5 and Outlook Express.

To prevent this malware or any other malicious code from affecting your
computer, Panda Software recommends keeping antivirus software up-to-date.
Panda Software clients can already access the updates to detect and
disinfect this malicious code.

For further information about these and other computer threats, visit Panda
Software's Encyclopedia.

------------------------------------------------------------
To contact Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------

*********** MIKE'S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 


